The increase is further proof that users of any system are vulnerable to hacks.

Researchers are reporting a spike in hack attacks targeting Mac OS X systems for the purpose of surreptitiously monitoring users' e-mail and chat contacts and maintaining persistent control over their computers.

The increased attacks are targeting supporters of the Uyghur people, a Turkic ethnic group who primarily live in a region of China, according to two separate reports independently published by researchers from Kaspersky Lab and AlienVault Labs. They are the latest to document the growing vulnerability of Mac users to so-called advanced persistent threats, which target users over a span of months or years to mine specific proprietary or social information of interest to the attackers.

"With these attacks, we continue to see an expansion of the APT capabilities to attack Mac OS X users," wrote Costin Raiu, director of Kaspersky's global research and analysis team. "In general, Mac users operate under a false sense of security which comes from the years-old mantra that 'Macs don’t get viruses.'"

As with some of the previous attacks, the perpetrators of the campaign documented in Wednesday's reports tricked users into opening booby-trapped Microsoft Word documents that exploit a vulnerability that was fixed in 2009. Those who fall for the ruse and are using out-of-date versions of Word are infected with an off-the-shelf backdoor known as TinySHell. The malware is configured to connect to command and control servers that have been used for years in APT attacks.

Macs have been successfully targeted in a variety of other espionage campaigns, as Ars has previously reported. Last year, commercially motivated malware known as Flashback also infected an estimated 500,000 Macs by targeting a vulnerability in Oracle's Java browser plugin.

Malicious hackers generally only do as much work as necessary to infect their targets, and that may explain why the tools in this campaign are relatively primitive. If the targets are using old systems with no antivirus protection and haven't been trained to avoid e-mail-borne attachments, the perpetrators have little reason to use more valuable firepower. Indeed, attacks that have succeeded for years against Windows users also employ easy-to-defeat techniques. Wednesday's reports are a good reminder that no matter what kind of computer people are using, users are vulnerable to attacks that can completely compromise their personal, business, and social secrets.

Readers are reminded to install security patches as soon as possible and avoid clicking on links included in e-mails, even when they appear to come from a friend, work colleague, or other known sender. Readers may also want to consider the use of third-party antivirus protection. Mac AV is available from a variety of providers, including Sophos, Intego, Kaspersky, and Avast, to name just a few.

Promoted Comments

Too funny - this article is supposed to be about Macs getting viruses when in reality it is about folks using woefully out of date MICROSOFT products that create an available attack vector.

This is not to say that Mac OS X has no vulnerabilities; that would be silly to say. Everything is vulnerable. I just find it funny how often it is a Microsoft or Java (Oracle) problem that causes the attack vector.

Well, it's not like people use programs that don't come with the OS that are produced by Apple.

Most vulnerabilities are using not the OS directly but some third program as a vector by which they can get into the meat of things. Microsoft and Java are the most popular programs, ergo, will be used as vectors most often. It's simple math really.

There are much less secure programs, but they also are much less broadly used.

Oh, so Macs are popular with Uyghurs? Absolutely no implications intended, that's just an interesting convergence of data points. Naturally the attackers would want to go for whatever platform's the most saturated.

These days, safety means not installing software from Microsoft, Adobe, or Oracle (Java). These are cross-platform applications and exploits that affect one OS's version of the app are likely to affect the other OS's versions of the app, too. This is much easier than engineering an attack against the OS itself, and since the Chinese government hacked into the source code from these companies in 2010, it makes it extremely easy to find zero-day vulnerabilities.

Apple's number one problem is that during the setup process for Mac OS X, they don't have you set up an administrator account AND THEN give you a user account for your day-to-day use.

I'm pretty certain that there hasn't been (and in this case, there wouldn't be) a single issue in the history of Mac OS X malware being effective were one to be using a "standard" user account instead of an "admin" account. Being a UNIX admin, I have done this since the beginning of Mac OS X. gsfprezadmin account for admin/rooty things, and gsfprez for my user account.

SO.... yes. Since 2001 until 2013, I have had a ZERO malware experience despite never having installed (or paid for) any anti-virus software to slow down my Macs. (insert warm feeling of smugness here)

Apple is in the wrong for not enforcing this, but it's totally possible with a single, non-obvious step that Apple must fix in its setup process, to have had a 12 year long malware-free and antivirus-free experience on a Mac.

No person who has computer tech expertise that I know of (including me) has ever said that it is impossible for the Mac OS or any other personal computer OS to get malware/viruses/Trojans.

The debate has been about what are the chances of a non-technical person using a Mac OS getting malware/virus/a Trojan?

So, it is a debate about risk for nontechies. Is there a greater chance of the average user getting malware/virus or a Trojan when using Windows? In my experience in the last 15 years, the answer to this question is yes.

I have dealt with hundreds of Windows machines and with over 50 examples of malware attacks on Windows. The reason? Because Windows has always been and is still by far the most popular PC OS. So, malware writers mostly focus on Windows. By contrast I have been involved with over 50 people who use Macs and I've never come across a Macintosh computer infected by malware.

* It isn't that a Mac can't be infected by malware. It is just that the chance of it happening is much less in comparison to a Windows computer. In my experience at least.

As a prominent member on a certain Mac forum, I'm going to suggest among our most influential people that we disregard and dispel the notion that "Macs don't need anti-virus" and they employ some sort of always-on anti-malware/site/virus, as something like the Black Hole Exploit is merely a click away.

Apple is slow to threats, slow to update, issues patches when they feel like it instead of monthly or even faster in emergency situations. Only someone ignorant of security issues uses Safari, rather opting for the faster updates of Chrome and Firefox instead.

Apple doesn't issue updates for older OS X versions on perfectly working hardware, and denies Safari 6's updated security to the over 50% of OS X users on 10.6. The OS X Unix core is safe; it's just all the software running on top that is the problem, WebKit mostly. (iTunes, Safari)

Apple in short is in a security mess, it takes one or two months for software to get updated on AppStore, just ask Opera folks or look at the Kindle app.

Apple Cupertino HQ's IP addresses were pwned by Flashback, and they took 3 years to fix the iTunes FinFisher exploit.

Also I think a worm was going around via Apple Software Update on Windows machines, it only infected those machines with that installed, despite all being on the same IP and network.

I would advise an outside scan if you have their software installed prior to the last update; your anti-virus may be lying to you.

The article seems to not be pointing fingers at Apple or Microsoft software, but rather the Mac users themselves being too comfortable. The Mac users make good targets for old exploits because they are under the impression that they are so safe from attack, when they clearly are not.

I look at Apple like a hovering parent. Pad everything in foam and the kid won't ever get hurt, right? But what happens when something new comes into the environment or the kid has to go into an unpadded environment? He's probably going to get hurt because he doesn't know how to avoid obstacles. That of course is not to say that everyone in that environment will be vulnerable. Likewise, some raised outside of that protected environment may still get hurt. The point is, those raised outside of the environment are probably better equipped, and we should all embrace the danger of the world because it's not going anywhere.

If anything, this just illustrates that no one is safe. Doesn't matter what OS you're running, or whatever precautions you may have taken. See: Red October, etc.

I don't have any particular reason to be paranoid, but the thought that I may have something similar on my machines without my knowledge, is very unsettling.

Should I be booting to and working in a Linux live cd?

If you want to be unhackable, it's best to have an offline PC where important documents live. Even in the case that it becomes infected, with some care it won't be able to transmit that information anywhere else. I know many people that do this.

For a more user-friendly measure, install VirtualBox (sans extensions) on your main PC and create a virtual Linux PC for all Internet browsing, and don't use the Host OS's browser.

The average person has two choices for computers - Macs and Windows machines. If they chose Macs, they would have had a comfortable, virus-free living situation since 2001. If they chose to use Windows, it would have been years of ass-pain and anti-virus software slowing down their machines, and "is it really anti-virus software?" links and "will it really make my machine run better?" scams.

You can't look at the situation logically and dispassionately any other way unless you're lying to yourself or to the people who you want to provide IT support to.

It sounds to me that most of these infections are because the users are not using legitimate software.

That could be the case. It could also be that they are using legitimate software and just don't care to keep that software updated. Security is not a concern of the average computer user, no matter how hard we try to educate them.

Actually... in the iPad environment, there hasn't been a single case of an exploit negatively affecting a real user in the wild. iPhones and iPod touches too. And the chances of it happening are infinitely better (x/0 = infinity) when compared to Android, which is the largest growing arena of malware (a lot of which comes from the Google Play store) going today.

This is unnecessary, as you have to enter your password to do anything that requires admin privileges regardless of who you're logged on as. And you don't have root either way.

MS has gotten MUCH better than the XP days, and the OS itself is pretty secure when you look at a baseload. The third party stuff is almost always where things come from. Java, Flash, Adobe, or outdated software.

This article just points out the target audience theory. The group they are going after use Macs and an old version of MS Office. Target that.

You just want a big user base? Go MS. You want an unsuspecting user base? Go Mac. I routinely have to tell my sister not to install Mac "cleanup" products because she does not really have 10k "problem files". She may have thousands of cookies, but they are not problems; the cleanup software probably is, and that she installs willingly and gives it the password. (Thus malware instead of a virus, because it won't spread itself.)

That's one thing, another is Safari just allowing a download to occur without warning so it sits in one's cluttered up Downloads folder awaiting a click to see what it is. Firefox's pop-up downloads window to ask to proceed is better.

Another is, even if one is running as a Standard user, if something runs in user space it can then place the malware program in a user's folder and replace an icon on the Dock with a duplicate that does require Admin access, like Disk Utility. Boom, rooted, like it really needs it if it's only after users' files or personal information, which is right there for any browser or plugin to upload.

A lack of a permission system, however, allows apps to easily harvest personal information from your iPhone and iPad and then do what they wish with it. So maybe no one was harmed by that yet (kind of tough to prove, btw), but if you think that you are in a nice, safe padded room, you are wrong. At least Android allows you to reject apps that get too ambitious with the permissions. You're kind of supporting my argument.

Tell them that MS is still providing security patches to an OS released in 2001 (Windows XP)

Compare that to a version of OS X released in 2007 (Leopard).

/pWned.

Microsoft took too long to get XP's successor out the door (essentially a whole release cycle was missed) and the difference between XP and Vista was much larger than between any two versions of OSX I've ever used, and the problems of Vista scared a whole lot of people off upgrading and many didn't trust to the reports of Win 7 being dramatically better. Upgrading an existing Mac to a newer OSX is, in contrast, pretty frequent, pretty cheap and quite easy (yes, the initial investment is pretty large). MS still supports Windows XP with security updates not because it's reasonable to be that many OS revisions behind, but because:

a) they have the cheap end of computer customers who have cheap hardware and won't pay for an OS upgrade until their hard drive wheezes its last, but they don't want to leave these people exposed to vulnerabilities,

b) XP is still very widely pirated, especially in countries like China, and even though these people have never paid MS a cent, they are propagation vectors for said vulnerabilities. Saving home users from themselves helps protect corporate customers and reduces headaches all around.

edit: as someone else notes below, there is the Great PPC/x86 Divide in OSX history, which creates a pretty hard dropoff of support. Some people claim that in a few years, desktop Macs will be ARM and there'll be another support dropoff, but I doubt it.

My head didn't explode, but I do try to warn Mac users that Apple tends to drop them for security updates if they don't pay to upgrade OS X when a new one is released, or in some cases with a powerful machine, replace the hardware even though it's still working perfectly because Apple ignores them for OS X upgrades and security updates.

15% of Macs are running 10.5, an outdated OS X version likely mostly on PPC machines.

40-50% are running 10.6, which got iTunes 11, but NOT Safari 6.

10.7 and 10.8 are receiving attention, however something is about to be dropped this spring when 10.9 is released, my guess is 10.6 will be totally ignored. (attention hackers, target the changes between Safari 5 and Safari 6)

I like Windows 7 getting updates (and no crazy UI changes) until 2020. I feel at peace using it now in a VM that is.

Apple has this misconception their users all will upgrade and are capable or willing to do so.

Most of Apple's users are just plain users and expect the Software Update mechanism to protect them, but Apple lets them down.

Actually I would say that IN THIS CASE safety means updating your software. The article says that the exploit had already been patched by the vendor. Of course that doesn't help with zero day (recently Java, Adobe, Microsoft, etc.) exploits. I can't think of a company that hasn't had a few of those floating around at one time or another. Open Office maybe? I would think there are zero day exploits hiding out in there, but adoption being so low, I doubt anyone has dug them out yet.

You talk about Mac OS X vulnerabilities - but show us a MS Windows-based Word Doc. Nice.

Quote:

"With these attacks, we continue to see an expansion of the APT capabilities to attack Mac OS X users," wrote Costin Raiu, director of Kaspersky's global research and analysis team. "In general, Mac users operate under a false sense of security which comes from the years-old mantra that 'Macs don’t get viruses.'"

This is a flawed assessment.

This should read: computer users in general operate under a false sense of security because most users do not educate themselves.

Many Mac Users I know are very aware of vulnerabilities of any OS. We just know not to click on stupid links that "look" like they've been sent from a buddy.

We know not to download Installers from 3rd party Sites (flashback anyone ?) for Software we can just as easily get from the source company.

Funny how you spotlight Mac-centric exploits on here more than most other OSes.

That stigma about "Macs not getting viruses" disappeared when Apple migrated away from MacOS to Unix. Then it became susceptible to as many Unix exploits as any other flavor of Unix. Why you guys keep living 15 years in the past with this thinking is a puzzle.

Linux is not much better than OS X. No one is immune.

I can see how that might be implied with my comment, but that wasn't my intent. I was merely suggesting that booting from a known good state might provide some reassurance that I wasn't booting into a potentially compromised environment.

The suggestion of a LiveCD over a Live USB was purposeful, as a USB could potentially be infected due to persistence. Apparently the lock switches on USB sticks aren't enforced on a hardware level.

Quote:

a new, mostly undetected version of the MaControl backdoor Trojan, which supports both i386 and PowerPC Macs.

This malware affects both 386 Windows machines and Power PC Macs. It is therefore not a threat to people using modern Windows/Macintosh machines.- This topic is not relevant to the question about Malware threats for the average user in the Western world.

Quote:

Activists have long been engaged in a political rights struggle for the Uyghurs, a Turkic ethnic group who live mainly in the Xinjiang Uyghur Autonomous Region of northwest China.

The Malware is targeting Chinese activists who are supporting the Uyghur people. This is further evidence imo of the oppressive Chinese government.- Again this is a special case about Chinese dissidents and not about threats to typical PC/Mac users.

Quote:

Kaspersky senior researcher Roel Schouwenberg did not lay the blame on the Chinese government.

"We haven't been able to determine exactly how many people have been targeted," he said. "However, given the style of the campaign and the target, we assume it has a very limited scope.

"A VERY LIMITED SCOPE" straight from the expert from Kaspersky.

So, why is the headline on Ars? "Malware attacks spike against Apple OS X users in China enclave: The increase is further proof that users of any system are vulnerable to hacks."- While computer security should be taken seriously, (and I have dealt with this at my job for two decades), what is more important for some techies on the internet is to continue a campaign to criticize Apple.- Maybe they don't like Apple lawsuits. Maybe they don't like that Apple produces more closed systems.

* I don't know what the motivation is by Ars with this article but I do know this fact. This topic of Chinese dissidents with 10-year-old computers being the target of a very focused attack by presumably the Chinese government, has almost nothing to do with the risk of Malware to the average user in the Western world.

No offense but you completely misunderstood that sentence.

It says it works on new Macs and old Macs.

Personally, I would have used the terminology x86, but since 486, 586..., are supersets of the core i386 features that make an "Intel" chip, it's not incorrect per se.